The incident response and computer network forensics course introduced students to using different tools in a forensic investigation and to effectively creating a structured incident response plan. Network forensics uses specialized tools to examine devices, hard drives, networks, or anything else that can provide information to the investigation. An incident response plan details precisely who, what, where, why, and how the incident will be handled. Forensics is incorporated into the incident response plan for each specific incident type.
Reflection
Organizing and maintaining an incident response (IR) plan can determine the success or failure of the organization. The IR team must be accurate and swift when an incident occurs in order to reach a detailed conclusion about how the events unfolded. The IR team can have multiple roles and responsibilities depending on the size and type of business.
The critical phases in an IR plan are Preparation, Detection and Analysis, Containment, Eradication, Post-Incident Recovery, and Lessons Learned. Organizations can combine the stages if needed to reduce the steps when creating an IR plan. The IR plan identifies the computer forensics-related steps and roles. Computer forensics is the method of gathering information or data from a system. This technique is used for analysis and preserves evidence that may be presented in a court of law.
In the course, I learned to use forensics tools to gather information and answer questions about timing and location. The ability and skills to gather and analyze the data and conclude an answer are a powerful skill set in the cybersecurity industry. I foresee using the skills and knowledge I learned in this course when analyzing a computer or hard drive in my work area. Depending on the environment I work in, shared hard drives and flash drives are used to store information. Knowing that there is a possibility to recover documents and see what data has been altered is paramount in the aerospace sector.
Although the final project was not a real event, researching and expressing the data I gathered represented a real-world incident that may happen to any organization.